Anti-spam developer Cloudmark claims its high-volume content-filtering email gateway could prevent almost all unwanted email from reaching a network's mail servers.
Many carriers and large enterprises run basic filters and throttles at the network edge, because if they can reject spam there, it takes a pile of dirt off their …

COMMENTS

Simpler and cheaper

DENY from [IP range of China, Japan, Spain, Tiscali, Latin America, Quebec, Korea, Thailand, and if you don't expect traffic from the USA, them too]

The result is Balkanization of the Internet, from one point of view; from my point of view, it's quarantine of the major spam sources. I have cut my networks' spam uptake by over 95% this way, without losing any legitimate email.

Idiot suggesting blocking countries etc.

Obviously a home user suggesting this. It's pretty much impossible to tell where your "Ham" is going to come from. You can't block countries and expect the botnets which send spam to just, by chance, be within them! This guy needs to read up some whitepapers.

As for this solution, it's still far from the norm - with managed services why would you bother with yet another "Old" MTA style offering? It makes no sense letting the spam come all the way into their network. The words "Horse" "Dead" and "Flogging" all pop into mind.

@ Morely Dotes

My Spanish girlfriend will love your suggestion. She's so eager not to be able to email me.

As most spam comes from botnets, it would be better that ISPs would cut off infected PCs from their network until they have been reformatted/cleaned. It's the only way I see to fight spam. And of course capital punishment for spammers.

Block countries, seconded

"DENY from [IP range of China, Japan, Spain, Tiscali, Latin America, Quebec, Korea, Thailand, and if you don't expect traffic from the USA, them too]"

Ohhh yes, it works and the horses are pretty much alive. We run our own mail server and 99.9% of our business is done in the UK, and this is exactly what we do. Poland and East European countries included and our spam near zero. Any contacts within the excluded range are whitelisted.

Most if not all UK and West European ISPs are pretty diligent about enforcing open relays and use RBLs so almost all mail traffic through their servers is ham.

Double check all email

a) In addition to the purported sender, as at present, every sent message is required to have an extra header containing a unique sender reference number and a content checksum.

b) As the message passes through each server on its way to the recipient, it recalculates the checksum and sends a small datagram back to the purported sender, asking it to confirm that the sender's server really did send the message.

c) If it doesn't get positive confirmation, it doesn't pass it on but instead sends it to whoever is registered as providing internet connectivity to the server which forwarded it.

Performing the check by EACH server along the route ensures that the perpetrator can be more reliably identified -- if server C receives a spam which server B purports to have come from server A, it knows somebody in server B's jurisdiction is in collusion with the spammer and probably forged the headers, because B should have rejected the message if it couldn't get positive confirmation from A.

Double check all email (cont'd)

PS -- forgot to say -- a trojan might (initially) circumvent the above checking, if it uses the compromised sender's real address and goes through the sender's usual mail server, because the purported sender would confirm it as a valid message at each stage.

The result, however, would be that the trojanised source could be reliably identified (if you get such a spam, then you KNOW that it came from somewhere in the alleged sender's jurisdiction and whoever provides that sender's internet connectivity can refuse further mail from it until verified clean). At the moment, that process is complicated by forged headers, making it impossible to safely automate the process.
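A small simulation of the hop-by-hop confirmation scheme proposed in the two "Double check all email" posts above; this is an added example, not code from the thread or from any real MTA, and the header names, the sha256 content checksum, the per-server "provider" field and the three servers A, B, C are assumptions. It walks the legitimate, forged-header (colluding relay B), tampered-in-transit and trojaned-sender cases the posts describe, returning at each hop the verdict and whose provider a failure would be reported to.

```python
import hashlib
from dataclasses import dataclass, field
def checksum(body: str) -> str:
    return hashlib.sha256(body.encode()).hexdigest()[:16]

@dataclass
class MailServer:
    name: str
    provider: str                              # who supplies this server's connectivity
    honest: bool = True                        # a colluding relay forwards without checking
    sent: dict = field(default_factory=dict)   # sender ref -> checksum of what we really sent

    def send(self, ref: str, body: str) -> dict:
        """Originate a message; remember ref and checksum so we can confirm it later."""
        self.sent[ref] = checksum(body)
        return {"origin": self.name, "ref": ref, "cksum": self.sent[ref], "body": body}

    def confirm(self, ref: str, cksum: str) -> bool:
        """Answer a downstream server's 'did you really send this?' datagram."""
        return self.sent.get(ref) == cksum

def relay(server, msg, prev_hop, servers):
    """One hop's decision: (verdict, report_to). A failed check is reported to prev_hop's provider."""
    if not server.honest:
        return ("FORWARD", None)
    origin = servers[msg["origin"]]
    if checksum(msg["body"]) == msg["cksum"] and origin.confirm(msg["ref"], msg["cksum"]):
        return ("FORWARD", None)
    return ("REJECT", prev_hop.provider)

def deliver(msg, hops, servers):
    trace = []   # pass msg along hops A -> B -> C; the chain stops at the first REJECT
    for prev, cur in zip(hops, hops[1:]):
        verdict, report_to = relay(cur, msg, prev, servers)
        trace.append((cur.name, verdict, report_to))
        if verdict == "REJECT":
            break
    return trace

def scenario(kind: str):
    """kind: legit | forged (spam injected at colluding B, claims A) | tampered | trojan."""
    s = {n: MailServer(n, f"isp-{n.lower()}") for n in "ABC"}   # constructed servers
    if kind == "forged":
        s["B"].honest = False   # B never asked A, so C catches it and reports B's provider
        msg = {"origin": "A", "ref": "spam-1", "cksum": checksum("buy now"), "body": "buy now"}
    else:   # trojan on A's client goes through A's real server, so A confirms it
        msg = s["A"].send("ref-1", "hello" if kind == "legit" else "buy now")
    if kind == "tampered":
        msg["body"] += " [altered in transit]"   # checksum no longer matches
    return deliver(msg, [s["A"], s["B"], s["C"]], s)
```

In the trojan case the message is delivered, exactly as the post predicts, but the trace shows A confirmed it, so the compromised sender is known rather than hidden behind forged headers.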

RE: don't actually have a comment...

Jim bloke – I agree and it is frustrating. I liked that chemicals piece myself and wouldn't have minded putting a comment or two.

Mind you, the BBC news site is really bad at not letting readers comment on serious stories whilst letting everyone comment on the magazine fluff. Given how the Beeb seems to copy a lot of Reg tech news maybe there's now a reciprocal back-flow ;-|

Anyway - SPAM. Surely the best way to deal with spam is to find those ultimately responsible (i.e. follow the ad to the seller) and, rather than take them to court, leave them in the company of a mob armed with blunt instruments who've had to delete spam on a daily basis for the last decade. Primitive, I know - but it might just work.

What works for individuals and companies doesn't work for ISPs

I use country filters at home too, as part of my filtering. They work really well for filtering email when you know that you are not going to get email from specific countries. This makes them useful for individuals and some sorts of companies.

But for an ISP, or a company that does business globally, they would create too many false positives (filtering desired email). An ISP must assume that his customers contacts can be anywhere in the world, so an ISP cannot implement blanket country filtering (although they could offer it as an option that customers could turn on and off).

To those who make blanket condemnations of country filters, consider white lists and blacklists. My whitelist and my blacklist would be useless to you. And your whitelist and your blacklist would be useless to me. It is the same with country filters.

It is obvious to those of us who use them that you do not filter countries that contain people and businesses you correspond with, and it is obvious that they are not a 100% solution.

Anti SPAM....

I agree with the comments about country filtering being unsuitable for many orgs.

The bit in this article that really scares me is the comment about having the MTA scan outgoing messages.... "There's so much going on in your network that's not through your mail system, and if you can't detect that".... what?!? surely your firewall should already be dropping port 25 from anything that isn't your SMTP server??

Also, most people structure their networks such that the mail servers and MTA solutions sit in a DMZ area straight off the gateway... so very little is passing through your core network in any case. So filtering at the edge makes little difference to most users (after all you are still going to want it to traverse the firewall). I agree that in most cases outsourced solutions such as Messagelabs offer better protection than any MTA based solution and have the added advantage of filtering BEFORE the edge of your network, saving wastage of your far more sensitive and expensive internet connections.